eve/filetypes: common init for threaded and non-threaded

In 7.0 if EVE was non-threaded, the ThreadInit for the filetype was
not called meaning that the filetype author had to handle the threaded
and non-threaded cases.

To simplify this, if non-threaded, still call ThreadInit (and
ThreadDeinit) once with a thread_id of 0. This should simplify
authoring EVE filetype plugins.

diff --git a/examples/plugins/c-json-filetype/filetype.c b/examples/plugins/c-json-filetype/filetype.c
index e85273d768851883f897d569dd422e1b2f50afe2..9b7d86e80b6d3b709116468a183db987734ec828 100644 (file)
--- a/examples/plugins/c-json-filetype/filetype.c
+++ b/examples/plugins/c-json-filetype/filetype.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2020-2023 Open Information Security Foundation
+/* Copyright (C) 2020-2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -43,9 +43,6 @@ typedef struct ThreadData_ {
 typedef struct Context_ {
     /** Verbose, or print to stdout. */
     int verbose;
-
-    /** A thread context to use when not running in threaded mode. */
-    ThreadData *thread;
 } Context;
 
 /**
@@ -59,9 +56,9 @@ typedef struct Context_ {
  * \param data A pointer where context data can be stored relevant to this
  *      output.
  *
- * Eve output plugins need to be thread aware as the threading happens at lower
- * level than the EVE output, so a flag is provided here to notify the plugin if
- * threading is enabled or not.
+ * Eve output plugins need to be thread aware as the threading happens
+ * at a lower level than the EVE output, so a flag is provided here to
+ * notify the plugin if threading is enabled or not.
  *
  * If the plugin does not work with threads disabled, or enabled, this function
  * should return -1.
@@ -92,15 +89,6 @@ static int FiletypeInit(ConfNode *conf, bool threaded, void **data)
     }
     context->verbose = verbose;
 
-    if (!threaded) {
-        /* We're not running in threaded mode so allocate a thread context here
-         * to avoid duplication of context data such as file pointers, database
-         * connections, etc. */
-        if (FiletypeThreadInit(context, 0, (void **)&context->thread) != 0) {
-            SCFree(context);
-            return -1;
-        }
-    }
     *data = context;
     return 0;
 }
@@ -115,12 +103,9 @@ static int FiletypeInit(ConfNode *conf, bool threaded, void **data)
  */
 static void FiletypeDeinit(void *data)
 {
-    printf("TemplateClose\n");
+    SCLogNotice("data=%p", data);
     Context *ctx = data;
     if (ctx != NULL) {
-        if (ctx->thread) {
-            FiletypeThreadDeinit(ctx, (void *)ctx->thread);
-        }
         SCFree(ctx);
     }
 }
@@ -140,12 +125,12 @@ static void FiletypeDeinit(void *data)
  * of "eve.<thread_id>.json". This plugin may want to do similar, or open
  * multiple connections to whatever the final logging location might be.
  *
- * In the case of non-threaded EVE logging this function is NOT called by
- * Suricata, but instead this plugin chooses to use this method to create a
- * default (single) thread context.
+ * In the case of non-threaded EVE logging this function is called
+ * once with a thread_id of 0.
  */
 static int FiletypeThreadInit(void *ctx, ThreadId thread_id, void **thread_data)
 {
+    SCLogNotice("thread_id=%d", thread_id);
     ThreadData *tdata = SCCalloc(1, sizeof(ThreadData));
     if (tdata == NULL) {
         SCLogError("Failed to allocate thread data");
@@ -166,6 +151,7 @@ static int FiletypeThreadInit(void *ctx, ThreadId thread_id, void **thread_data)
  */
 static int FiletypeThreadDeinit(void *ctx, void *thread_data)
 {
+    SCLogNotice("thread_data=%p", thread_data);
     if (thread_data == NULL) {
         // Nothing to do.
         return 0;
@@ -194,11 +180,7 @@ static int FiletypeWrite(const char *buffer, int buffer_len, void *data, void *t
     Context *ctx = data;
     ThreadData *thread = thread_data;
 
-    /* The thread_data could be null which is valid, or it could be that we are
-     * in single threaded mode. */
-    if (thread == NULL) {
-        thread = ctx->thread;
-    }
+    SCLogNotice("thread_id=%d, data=%p, thread_data=%p", thread->thread_id, data, thread_data);
 
     thread->count++;
 

diff --git a/src/output-json.c b/src/output-json.c
index 830027cb02c4bec687959018c8db227cca855e11..be2cc81fe2be50631b4c0394ad1468bf5be8798a 100644 (file)
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -1015,12 +1015,15 @@ static int LogFileTypePrepare(
                 return -1;
             }
         }
-        void *init_data = NULL;
-        if (json_ctx->filetype->Init(conf, json_ctx->file_ctx->threaded, &init_data) < 0) {
+        if (json_ctx->filetype->Init(conf, json_ctx->file_ctx->threaded,
+                    &json_ctx->file_ctx->filetype.init_data) < 0) {
+            return -1;
+        }
+        if (json_ctx->filetype->ThreadInit(json_ctx->file_ctx->filetype.init_data, 0,
+                    &json_ctx->file_ctx->filetype.thread_data) < 0) {
             return -1;
         }
         json_ctx->file_ctx->filetype.filetype = json_ctx->filetype;
-        json_ctx->file_ctx->filetype.init_data = init_data;
     }
 
     return 0;

diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
index 5675b145be7ca94a7431129657344afcd66b5a31..b58bdd43efc77dce8a0153c2b3d10e61ec651282 100644 (file)
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@@ -871,7 +871,7 @@ int LogFileFreeCtx(LogFileCtx *lf_ctx)
         SCReturnInt(0);
     }
 
-    if (lf_ctx->type == LOGFILE_TYPE_FILETYPE && lf_ctx->parent != NULL) {
+    if (lf_ctx->type == LOGFILE_TYPE_FILETYPE) {
         lf_ctx->filetype.filetype->ThreadDeinit(
                 lf_ctx->filetype.init_data, lf_ctx->filetype.thread_data);
     }